MDL-22388 Added some checks to kill these scripts dead with an unequivocal notice...
[moodle.git] / login / forgot_password_form.php
1 <?php
3 if (!defined('MOODLE_INTERNAL')) {
4     die('Direct access to this script is forbidden.');    ///  It must be included from a Moodle page
5 }
7 require_once $CFG->libdir.'/formslib.php';
9 class login_forgot_password_form extends moodleform {
11     function definition() {
12         $mform    =& $this->_form;
13         $renderer =& $mform->defaultRenderer();
15         $mform->addElement('header', '', get_string('searchbyusername'), '');
17         $mform->addElement('text', 'username', get_string('username'));
18         $mform->setType('username', PARAM_RAW);
20         $submitlabel = get_string('search');
21         $mform->addElement('submit', 'submitbutton', $submitlabel);
23         $mform->addElement('header', '', get_string('searchbyemail'), '');
25         $mform->addElement('text', 'email', get_string('email'));
26         $mform->setType('email', PARAM_RAW);
28         $submitlabel = get_string('search');
29         $mform->addElement('submit', 'submitbutton', $submitlabel);
30     }
32     function validation($data, $files) {
33         global $CFG, $DB;
35         $errors = parent::validation($data, $files);
37         if ((!empty($data['username']) and !empty($data['email'])) or (empty($data['username']) and empty($data['email']))) {
38             $errors['username'] = get_string('usernameoremail');
39             $errors['email']    = get_string('usernameoremail');
41         } else if (!empty($data['email'])) {
42             if (!validate_email($data['email'])) {
43                 $errors['email'] = get_string('invalidemail');
45             } else if ($DB->count_records('user', array('email'=>$data['email'])) > 1) {
46                 $errors['email'] = get_string('forgottenduplicate');
48             } else {
49                 if ($user = get_complete_user_data('email', $data['email'])) {
50                     if (empty($user->confirmed)) {
51                         $errors['email'] = get_string('confirmednot');
52                     }
53                 }
54                 if (!$user and empty($CFG->protectusernames)) {
55                     $errors['email'] = get_string('emailnotfound');
56                 }
57             }
59         } else {
60             if ($user = get_complete_user_data('username', $data['username'])) {
61                 if (empty($user->confirmed)) {
62                     $errors['email'] = get_string('confirmednot');
63                 }
64             }
65             if (!$user and empty($CFG->protectusernames)) {
66                 $errors['username'] = get_string('usernamenotfound');
67             }
68         }
70         return $errors;
71     }
73 }